Abstract. The objective of this paper is to solve the controller synthesis problem for bisimulation equivalence 
in a wide variety of scenarios including discrete-event systems, nonlinear control systems, behavioral systems, 
hybrid systems and many others. This will be accomplished by showing that the arguments underlying proofs 
of existence and methods for the construction of controllers are extraneous to the particular class of systems 
being considered and thus can be presented in greater generality. 



1. Introduction 

The notion of bisimulation, introduced by Park [Par81] and Milner [Mil89] in the context of concurrency 
theory, has been successfully used as a mechanism to mitigate the complexity of software verification [CGP99]. 
Recently, the same notion was shown to be relevant for continuous [vdS04, TP04, Gra07], switched [PvdSdB06], 
hybrid [HTP05] and abstract state systems [PvdSB05]. What makes bisimulation appealing is the possibility 
of rendering systems of different "sizes" equivalent. Here, size needs to be interpreted differently according to 
the context. When dealing with systems described by finite models, such as discrete-event systems, size means 
cardinality of the state set. In the case of continuous control systems, size means dimension of the state-space 
and in the hybrid case size needs to be interpreted as a combination of cardinality and dimension. 

Bisimulation also plays an important role in system synthesis. One can start with a simple model $S$ of a system 
and try to design a controller $C$ acting on the plant $P$ so that the resulting system $C \parallel P$ is equivalent to $S$. 
When equivalence is interpreted as isomorphism, the specification $S$ needs to be as complex[1] as the designed 
system $C \parallel P$ and this makes this strategy appealing only for small systems. However, when bisimulation is 
used as equivalence, we can have a specification $S$ being much simpler than the designed system $C \parallel P$. This 
observation naturally motivates the following controller synthesis problem: 

Problem 1.1. Given a plant $P$ and a specification $S$ does there exist a controller $C$ such that the composition 
$C \parallel P$ is bisimilar to $S$? If so, how do we construct $C$? 

We will solve Problem 1.1 in a variety of different contexts thereby recovering known results and proving new 
ones. The path towards generality followed in this paper is not based on the choice of a model of system that 
is general enough to contain all the other models as particular cases. Instead, we will work with all the models 
at the same time. This will be accomplished through the use of elementary ideas from category theory. By 
proving the results outside any particular class of systems we are able to distill the crucial requirements leading 
to the existence and the construction of controllers for bisimulation equivalence. The categorical prerequisites 
are minimal and all the definitions and constructions will be illustrated throughout the paper with transition 
systems and nonlinear control systems. 

At the technical level we will use the open maps framework of Joyal and coworkers [JNW96] to reason about 
bisimulation. This framework had already been used in [Tab04] to show that the controller synthesis problem 
is solvable in polynomial time for deterministic transition systems and deterministic timed transition systems 
thus recovering existing results in the computer science literature, see for example [MT02] and the references 
therein. The results of this paper can be seen as a generalization of [Tab04] to a wider class of systems 
comprising also nonlinear control systems, behavioral systems and hybrid systems. 

[1] Since most notions of isomorphism are based on an invertible map between the state sets. 



2. Notation 

Given a set $S$ we denote by $S^*$ the set of all finite strings obtained by concatenating elements in $S$. An element 
$s$ of $S^*$ is therefore given by $s = s_1 s_2 \cdots s_n$ with $s_i \in S \cup \{\varepsilon\}$ for $i = 1, \ldots, n$ and where $\varepsilon$ satisfies $s\varepsilon = \varepsilon s = s$ 
for any $s \in S$. The length of a string $s \in S^*$ is denoted by $|s|$. Given a map $f : A \to B$ we shall use the same 
letter to denote the extension of $f$ to $f : A^* \to B^*$ defined by: 

$$f(s_1 s_2 \cdots s_n) = f(s_1) f(s_2) \cdots f(s_n).$$ 

The identity map on a set $A$ will be denoted by $1_A$. When $f : M \to N$ is a smooth map between smooth 
manifolds, $Tf$ will denote the tangent map $Tf : TM \to TN$ taking tangent vectors $X \in T_xM$ at $x \in M$ to 
tangent vectors $T_xf \cdot X \in T_{f(x)}N$ at $f(x) \in N$. Here $TM = \bigcup_{x \in M} T_xM$ denotes the tangent bundle of $M$. 
Map $f$ is said to be a diffeomorphism if there exists a smooth map $g : N \to M$ satisfying $f \circ g = 1_N$ and 
$g \circ f = 1_M$. 

3. Systems in categories 

Recall that a category is a collection of objects, that in this paper will model systems, and morphisms relating 
objects. We shall not recall here the precise definition[2] but rather give some simple examples. If one is 
interested in linear algebra it is natural to take vector spaces as the objects of study and linear maps as 
morphisms between these objects. If differential geometry is the subject of investigation, objects would be 
smooth manifolds and smooth maps could be taken as morphisms resulting in the category Man. When 
only the topological structure is of interest, topological spaces would be the objects of study and continuous 
maps would serve as morphisms. As a final example we mention Set, the category having sets as objects and 
maps between sets as morphisms. To keep the discussion as concrete as possible we will use two examples 
to illustrate all the definitions and results throughout the paper. The first considers transition systems as a 
model[3] for discrete-event systems. 

[2] The interested reader is referred to [Lan71]. 

[3] Other models for discrete-event systems are discussed in Section 7.1. 

3.1. Transition systems. A transition system can be seen as a very elementary model of discrete-event 
systems having wide applicability in the formal verification of software [CGP99]. 

Definition 3.1. A transition system $T$ is a tuple $T = (Q, i, L, \to)$ where: 

• $Q$ is a finite set of states; 

• $i \in Q$ is the initial state; 

• $L$ is a finite set of labels; 

• $\to \subseteq Q \times L \times Q$ is a transition relation. 

An element $(p, l, q) \in \to$ will be denoted by the more suggestive notation $p \xrightarrow{l} q$. When a transition 
system is used as a model of software, the software execution is described by the notion of run. 

Definition 3.2. A run $r$ of a transition system $T = (Q, i, L, \to)$ is a string $r \in L^*$ for which there exists 
another string $s \in Q^*$ satisfying: 

(1) $s_1 = i$; 

(2) $s_i \xrightarrow{r_i} s_{i+1}$ with $i = 1, \ldots, |r|$. 

A state $q \in Q$ is said to be reachable in $T$ if there exists a run $r$ such that the associated string $s \in Q^*$ satisfies 
$s_{|r|+1} = q$. 

One possible category for the study of transition systems, denoted by Tran, consists of transition systems as 
objects and morphisms defined as follows: 

Definition 3.3. A morphism $T_1 \xrightarrow{f} T_2$ from transition system $T_1 = (Q_1, i_1, L_1, \to_1)$ to transition system 
$T_2 = (Q_2, i_2, L_2, \to_2)$ consists of a pair of maps $f = (f_Q, f_L)$ with $f_Q : Q_1 \to Q_2$ and $f_L : L_1 \to L_2$ 
satisfying: 

(1) $f_Q(i_1) = i_2$; 

(2) $p_1 \xrightarrow{l} q_1$ in $T_1$ implies $f_Q(p_1) \xrightarrow{f_L(l)} f_Q(q_1)$ in $T_2$. 

Other notions of morphism are possible, e.g. [WN94], but this one will suffice for our purposes. Note that a 
morphism from $T_1$ to $T_2$ is guaranteed to take runs of $T_1$ into runs of $T_2$. 

Proposition 3.4 (Adapted from [WN94]). Let $T_1 \xrightarrow{f} T_2$ be a morphism in Tran. Then, for every run $r$ 
of $T_1$, $f_L(r)$ is a run of $T_2$. 

3.2. Control systems. Nonlinear control systems provide the other example that will be used throughout 
the paper. 

Definition 3.5. A control system $\Sigma$ is a triple $(U, M, F)$ where $U$ is a smooth manifold describing the input 
space, $M$ is a smooth manifold describing the state space and $F : M \times U \to TM$ is a smooth map describing 
the system dynamics. 

Trajectories of control systems are defined as usual. 

Definition 3.6. A smooth curve $\mathbf{x} : I \to M$ is said to be a trajectory of a control system $\Sigma = (U, M, F)$ if 
$I \subseteq \mathbb{R}$ is an open interval containing the origin and there exists a smooth curve $\mathbf{u} : I \to U$ satisfying: 

$$\frac{d}{dt}\mathbf{x}(t) = F(\mathbf{x}(t), \mathbf{u}(t)), \quad t \in I.$$ 

We will say that a control system $\Sigma$ is observable with respect to a smooth map $f : M \times U \to X$ if for any 
two trajectories $\mathbf{x}$ and $\mathbf{y}$ of $\Sigma$, $\mathbf{x} \neq \mathbf{y}$ implies $f \circ \mathbf{x} \neq f \circ \mathbf{y}$. 

The category[4] of control systems, denoted by Con, has control systems for objects and morphisms defined as 
follows. 

[4] See also [Elk98, TP05]. 

Definition 3.7. A morphism $\Sigma_1 \xrightarrow{f} \Sigma_2$ from control system $\Sigma_1 = (U_1, M_1, F_1)$ to control system $\Sigma_2 = (U_2, M_2, F_2)$ 
consists of a pair of smooth maps $f = (f_M, f_U)$ with $f_M : M_1 \to M_2$ and $f_U : M_1 \times U_1 \to U_2$ 
satisfying: 

(3.1) $T_x f_M \cdot F_1(x, u) = F_2(f_M(x), f_U(x, u))$ 

As was the case in Tran, morphisms in Con transform trajectories into trajectories: 

Proposition 3.8 (Adapted from [PLS00]). Let $\Sigma_1 \xrightarrow{f} \Sigma_2$ be a morphism in Con. Then, for every trajectory 
$\mathbf{x}$ of $\Sigma_1$, $f_M \circ \mathbf{x}$ is a trajectory of $\Sigma_2$. 

4. Bisimulation and open maps 

In this section we quickly review the open maps framework introduced by Joyal and co-workers in [JNW96] 
and apply it to Tran and Con. 
4.1. General theory. We consider a category S of systems with morphisms $X \to Y$ describing how system 
$Y$ simulates system $X$. In this framework, the notion of bisimulation is introduced by resorting to the notion 
of path. We thus consider a subcategory P of S of path objects whose morphisms describe how path objects 
can be extended. Bisimulation is now described through morphisms possessing a special path lifting property: 

Definition 4.1. A morphism $X \xrightarrow{f} Y$ is said to be P-open if given the following commutative diagram: 

[diagram omitted: $C \xrightarrow{c} X$, $C \xrightarrow{e} D$, $D \xrightarrow{d} Y$ and $X \xrightarrow{f} Y$] 

where $C$ and $D$ are path objects, there exists a diagonal morphism $D \xrightarrow{r} X$ making the following diagram 
commutative: 

[diagram omitted] 

that is, $c = r \circ e$ and $d = f \circ r$. 
4.2. Examples. 

4.2.1. Transition systems. The notion of bisimulation was introduced by Park [Par81] and Milner [Mil89] in 
the context of transition systems as follows: 

Definition 4.2. Let $T_1$ and $T_2$ be transition systems with the same label set $L$. A relation $R \subseteq Q_1 \times Q_2$ with 
$(i_1, i_2) \in R$ is said to be a simulation relation from $T_1$ to $T_2$ if $(p_1, p_2) \in R$ implies: 

(1) $p_1 \xrightarrow{l} q_1$ in $T_1$ implies existence of $p_2 \xrightarrow{l} q_2$ in $T_2$ with $(q_1, q_2) \in R$. 

A relation $R \subseteq Q_1 \times Q_2$ is said to be a bisimulation relation between $T_1$ and $T_2$ if $(p_1, p_2) \in R$ implies in 
addition to (1): 

(2) $p_2 \xrightarrow{l} q_2$ in $T_2$ implies existence of $p_1 \xrightarrow{l} q_1$ in $T_1$ with $(q_1, q_2) \in R$. 

Transition systems $T_1$ and $T_2$ are said to be bisimilar if there exists a bisimulation relation between them. 



According to this definition, transitions in $T_1$ must be matched by transitions in $T_2$ with the same label and, 
conversely, transitions in $T_2$ must be matched by transitions in $T_1$ also with the same label. To capture 
this requirement on the labels, using the open maps framework, we fix a set of labels $L$ and let S be the 
subcategory $\mathrm{Tran}_L$ of Tran consisting of transition systems with label set $L$ and morphisms $f : T_1 \to T_2$ 
satisfying $f_L = 1_L$. For the path subcategory P we take the full[5] subcategory of S defined by objects of the 
form: 

(4.1) $q_1 \xrightarrow{l_1} q_2 \xrightarrow{l_2} q_3 \xrightarrow{l_3} \cdots \xrightarrow{l_{n-1}} q_n$ 

with $q_1 = i$ and $q_i \neq q_j$ for $i \neq j$. Note that any morphism $T \xrightarrow{f} T_1$ from a path object $T$ describes a run 
$l_1 l_2 \cdots l_{n-1}$ of $T_1$ through the sequence of transitions $f_Q(q_i) \xrightarrow{l_i} f_Q(q_{i+1})$ in $T_1$. Conversely, every run of 
$T_1$ can be described by a morphism from a path object into $T_1$. 

[5] A category D is a full subcategory of a category C when any object of D is also an object of C and for any two objects $X$ 
and $Y$ in D, if $X \to Y$ is a morphism in C then it is also a morphism in D. 

With this choice for S and P we recover Park [Par81] and Milner's [Mil89] notion of bisimulation through a 
diagram of P-open maps. 

Theorem 4.3 ([JNW96]). Let $T_1$ and $T_2$ be objects in S. $T_1$ is bisimilar to $T_2$ iff there exists a diagram: 

(4.2) $T_1 \xleftarrow{\alpha} T \xrightarrow{\beta} T_2$ 

where $\alpha$ and $\beta$ are P-open morphisms. 

The intuition behind the diagram (4.2) can be understood by noting that a diagram $C \xleftarrow{f} B \xrightarrow{g} D$ in Set 
defines a relation $R \subseteq C \times D$ by $(c, d) \in R$ if there is a $b \in B$ such that $f(b) = c$ and $g(b) = d$. Conversely, given 
a relation $R \subseteq C \times D$ we can always construct a diagram $C \xleftarrow{f} R \xrightarrow{g} D$ where $f = \pi_C \circ i$ and $g = \pi_D \circ i$ 
with $i : R \to C \times D$ being the natural inclusion of $R$ in $C \times D$, and $\pi_C : C \times D \to C$ and $\pi_D : C \times D \to D$ the 
natural projections. The diagram (4.2) is then simply defining the relation $R \subseteq Q_1 \times Q_2$ with $(q_1, q_2) \in R$ 
if there exists a $q \in Q$ such that $\alpha_Q(q) = q_1$ and $\beta_Q(q) = q_2$. Since $\alpha$ is P-open, transitions in $T_1$ can be 
lifted, as described in Definition 4.1, to $T$ and then mapped to $T_2$ through the morphism $\beta$. We thus see 
that P-openness of $\alpha$ ensures that $R$ is a simulation relation from $T_1$ to $T_2$. Moreover, as $\beta$ is also P-open, 
transitions in $T_2$ can also be matched by transitions in $T_1$ thus making $R$ a bisimulation. 

4.2.2. Control systems. The notion of bisimulation was recently studied in the context of nonlinear control 
systems [vdS04, TP04, HTP05]. In this paper we formalize bisimulation for control systems as follows: 

Definition 4.4 (Adapted from [TP04, HTP05]). Let $\Sigma_1 = (U_1, M_1, F_1)$ and $\Sigma_2 = (U_2, M_2, F_2)$ be control 
systems and let $R \subseteq M_1 \times M_2$ be a submanifold of $M_1 \times M_2$ for which the natural projection maps $\pi_1 : R \to M_1$ 
and $\pi_2 : R \to M_2$ are surjective submersions. Relation $R \subseteq M_1 \times M_2$ is said to be a simulation relation from 
$M_1$ to $M_2$ if $(x_1, x_2) \in R$ implies: 

(1) for any trajectory $\mathbf{x}_1 : I \to M_1$ of $\Sigma_1$ with $\mathbf{x}_1(0) = x_1$ there exists a trajectory $\mathbf{x}_2 : I \to M_2$ of $\Sigma_2$ 
with $\mathbf{x}_2(0) = x_2$ such that $(\mathbf{x}_1(t), \mathbf{x}_2(t)) \in R$ for every $t \in I \cap \mathbb{R}^+_0$. 

A relation $R \subseteq M_1 \times M_2$ is said to be a bisimulation relation between $\Sigma_1$ and $\Sigma_2$ if $(x_1, x_2) \in R$ implies in 
addition to (1): 

(2) for any trajectory $\mathbf{x}_2 : I \to M_2$ of $\Sigma_2$ with $\mathbf{x}_2(0) = x_2$ there exists a trajectory $\mathbf{x}_1 : I \to M_1$ of $\Sigma_1$ 
with $\mathbf{x}_1(0) = x_1$ such that $(\mathbf{x}_1(t), \mathbf{x}_2(t)) \in R$ for every $t \in I \cap \mathbb{R}^+_0$. 

When control systems $\Sigma_1$ and $\Sigma_2$ are equipped with observation maps $h_1 : M_1 \to O$ and $h_2 : M_2 \to O$, 
respectively, the above notion can be strengthened by requiring that states $(x_1, x_2) \in R$ also satisfy $h_1(x_1) = 
h_2(x_2)$. This is the approach taken in [vdS04] which can also be captured in the proposed framework by 
defining a category of control systems equipped with observation maps. 

Definition 4.4 requires $R$ to be a manifold and the projection maps $\pi_i : R \to M_i$ to be surjective submersions. 
Although the notion of bisimulation still makes sense without these technical requirements, they are used to 
guarantee[6] that bisimulation is a notion of equivalence in Con as discussed in [HTP05]. 

[6] The open maps approach requires a category with finite pullbacks. Con is based on Man since the state and input spaces are 
manifolds and in Man pullbacks do not always exist. This can be remedied by using surjective submersions for which pullbacks 
are guaranteed to exist. 

In order to describe bisimulations in Con through open maps we take S = Con and consider the full subcategory 
of Con defined by objects of the form $\Sigma = (\{*\}, I, F)$ where $\{*\}$ is a set with a single element $*$, $I \subseteq \mathbb{R}$ is 
an open interval containing the origin and $F$ is defined by $F(t, *) = F(t) = 1$ for any $t \in I$. Intuitively, $\Sigma$ 
describes time modeled as a control system. A morphism $\Sigma \xrightarrow{f} \Sigma_1$ from a path object $\Sigma$ is described by a 
pair of smooth maps $f_M : I \to M$ and $f_U : I \to U$ satisfying (3.1): 

$$\frac{d}{dt} f_M(t) = T_t f_M \cdot 1 = T_t f_M \cdot F(t) = F_1(f_M(t), f_U(t))$$ 

We thus see that a morphism $\Sigma \xrightarrow{f} \Sigma_1$ from a path object describes a trajectory $f_M : I \to M$ of $\Sigma_1$ induced 
by the input curve $f_U : I \to U$. Conversely, every trajectory of $\Sigma_1$ can be seen as a morphism from a path 
object into $\Sigma_1$. 

With this choice for S and P we have the following result: 

Theorem 4.5 ([HTP05]). Let $\Sigma_1$ and $\Sigma_2$ be objects in Con. $\Sigma_1$ is bisimilar to $\Sigma_2$ iff there exists a diagram: 

[diagram omitted] 

where $\alpha$ and $\beta$ are P-open morphisms with $\alpha_M$ and $\beta_M$ surjective submersions. 

5. Composition as a pullback 

Before addressing problems of control we need one last ingredient: composition of systems. Although com- 
position assumes very different forms for different classes of systems we can obtain a unified description by 
resorting to the notion of pullback. The use of pullbacks to describe system composition has been used several 
times before, e.g. [BBC+03, ASVS06]. 

5.1. General theory. 

Definition 5.1. The pullback of two morphisms $X \xrightarrow{x_A} A$ and $Y \xrightarrow{y_A} A$ in a category is a pair of morphisms 
$Z \xrightarrow{\alpha} X$ and $Z \xrightarrow{\beta} Y$ satisfying $x_A \circ \alpha = y_A \circ \beta$ and such that for any other pair of morphisms $Z' \xrightarrow{\alpha'} X$ 
and $Z' \xrightarrow{\beta'} Y$ satisfying $x_A \circ \alpha' = y_A \circ \beta'$ there exists a unique morphism $Z' \to Z$ making the following 
diagram commutative: 

[diagram omitted] 

The pullback of $X \xrightarrow{x_A} A$ and $Y \xrightarrow{y_A} A$ is denoted by $X \times_A Y$. When the pullback of any two morphisms 
$X \xrightarrow{x_A} A$ and $Y \xrightarrow{y_A} A$ in a category S exists we say that S has binary pullbacks. As with many other 
definitions in category theory, pullbacks are uniquely defined up to isomorphism. This means that any two 
objects $Z_1$ and $Z_2$ satisfying the above definition are necessarily isomorphic in the sense that there exist 
morphisms $f : Z_1 \to Z_2$ and $g : Z_2 \to Z_1$ satisfying $f \circ g = 1_{Z_2}$ and $g \circ f = 1_{Z_1}$. 

Pullbacks $X \times_A Y$ in Set can be constructed by first computing the Cartesian product $X \times Y$ and then 
selecting the elements $(x, y) \in X \times Y$ satisfying the equality $x_A(x) = y_A(y)$. $X \times_A Y$ is then given by the set 
$\{(x, y) \in X \times Y \mid x_A(x) = y_A(y)\}$ equipped with the maps $\alpha = \pi_X \circ i$ and $\beta = \pi_Y \circ i$ where $i : X \times_A Y \to X \times Y$ 
is the natural inclusion of $X \times_A Y$ into $X \times Y$, and $\pi_X : X \times Y \to X$ and $\pi_Y : X \times Y \to Y$ are the natural 
projections. We leave to the reader to verify that $X \times_A Y$ constructed as described above does satisfy 
Definition 5.1. The same idea underlies the construction of pullbacks in Tran and Con as described later in 
this section. The object $A$ serves as a mediator or interface between the objects $X$ and $Y$. By changing $A$, $x_A$ 
and $y_A$ we can model a wide variety of interconnections between systems. When $A$ is seen as an interface we 
can regard the morphisms $x_A$ and $y_A$ as the description of how the internal state is exposed through the interface. 
In this way, the pullback $X \times_A Y$ describes the result of interconnecting $X$ to $Y$ through the interface $A$. 
However, more interesting types of interconnection, such as feedback, can still be modeled by pullbacks as we 
next describe. 

5.2. Examples. 

5.2.1. Transition systems. The most frequently used composition of transition systems requires synchroniza- 
tion on common labels or events. 

Definition 5.2. Let $T_1 = (Q_1, i_1, L, \to_1)$ and $T_2 = (Q_2, i_2, L, \to_2)$ be transition systems. The parallel 
composition of $T_1$ and $T_2$, denoted by $T_1 \parallel T_2$, is the transition system $T_1 \parallel T_2 = (Q_{12}, i_{12}, L_{12}, \to_{12})$ defined 
by: 

• $Q_{12} = Q_1 \times Q_2$; 

• $i_{12} = (i_1, i_2)$; 

• $L_{12} = L$; 

• $(p_1, p_2) \xrightarrow{l} (q_1, q_2)$ in $T_1 \parallel T_2$ if $p_1 \xrightarrow{l} q_1$ in $T_1$ and $p_2 \xrightarrow{l} q_2$ in $T_2$. 

In order to model $T_1 \parallel T_2$ as a pullback in $\mathrm{Tran}_L$ we first note that given $T_1 \xrightarrow{t_{1A}} T_A$ and $T_2 \xrightarrow{t_{2A}} T_A$ we can 
construct $T_1 \times_{T_A} T_2$ by first constructing the state set as: 

$$\{(q_1, q_2) \in Q_1 \times Q_2 \mid t_{1AQ}(q_1) = t_{2AQ}(q_2)\}$$ 

and then constructing the transition relation as: 

$$\{((p_1, p_2), l, (q_1, q_2)) \in Q \times L \times Q \mid (t_{1AQ}(p_1), l, t_{1AQ}(q_1)) = (t_{2AQ}(p_2), l, t_{2AQ}(q_2))\}$$ 

Using this insight we define the transition system $T_A = (Q_A, i_A, L_A, \to_A)$: 

$$Q_A = \{*\}, \quad i_A = *, \quad L_A = L, \quad \to_A = \bigcup_{l \in L} \{(*, l, *)\}$$ 

and note that for any transition system $T = (Q, i, L, \to)$ there exists a morphism $T \xrightarrow{t_A} T_A$ defined by 
$t_{AQ}(q) = *$ for every $q \in Q$ and $t_{AL} = 1_L$. We now have the following description of $T_1 \parallel T_2$: 

Proposition 5.3. Let $T_1$ and $T_2$ be transition systems with label set $L$. Then, the parallel composition $T_1 \parallel T_2$ 
is the pullback of $T_1 \xrightarrow{t_{1A}} T_A$ and $T_2 \xrightarrow{t_{2A}} T_A$ in $\mathrm{Tran}_L$. 

Proof sketch. $T_1 \times_{T_A} T_2$ is equipped with morphisms $T_1 \times_{T_A} T_2 \xrightarrow{\alpha} T_1$ and $T_1 \times_{T_A} T_2 \xrightarrow{\beta} T_2$ defined by 
$\alpha_Q = \pi_{Q_1}$, $\alpha_L = 1_L$, $\beta_Q = \pi_{Q_2}$ and $\beta_L = 1_L$ where $\pi_{Q_i} : Q_1 \times Q_2 \to Q_i$ are the natural projections. It is not 
difficult to verify that $t_{1A} \circ \alpha = t_{2A} \circ \beta$. Let now $T$ be a transition system equipped with morphisms $T \xrightarrow{\alpha'} T_1$ 
and $T \xrightarrow{\beta'} T_2$ satisfying $t_{1A} \circ \alpha' = t_{2A} \circ \beta'$. We now show existence of a unique morphism $T \xrightarrow{\gamma} T_1 \times_{T_A} T_2$ 
satisfying $\alpha \circ \gamma = \alpha'$ and $\beta \circ \gamma = \beta'$. Since in $\mathrm{Tran}_L$ every morphism $f$ has $f_L = 1_L$ we conclude that $\gamma_L = 1_L$. 
Moreover, we define $\gamma_Q$ by $\gamma_Q(q) = (\alpha'_Q(q), \beta'_Q(q))$. It then follows that $\alpha_Q \circ \gamma_Q(q) = \alpha_Q(\alpha'_Q(q), \beta'_Q(q)) = 
\pi_{Q_1}(\alpha'_Q(q), \beta'_Q(q)) = \alpha'_Q(q)$. Similarly, $\beta_Q \circ \gamma_Q(q) = \beta_Q(\alpha'_Q(q), \beta'_Q(q)) = \pi_{Q_2}(\alpha'_Q(q), \beta'_Q(q)) = \beta'_Q(q)$. Assume 
now that $\gamma$ is not unique and let $\gamma'$ be another morphism from $T$ to $T_1 \times_{T_A} T_2$ satisfying $\alpha \circ \gamma' = \alpha'$ and 
$\beta \circ \gamma' = \beta'$. Then, $\pi_{Q_1} \circ \gamma'_Q(q) = \alpha_Q \circ \gamma'_Q(q) = \alpha'_Q(q) = \alpha_Q \circ \gamma_Q(q) = \pi_{Q_1} \circ \gamma_Q(q)$ and $\pi_{Q_2} \circ \gamma'_Q(q) = 
\beta_Q \circ \gamma'_Q(q) = \beta'_Q(q) = \beta_Q \circ \gamma_Q(q) = \pi_{Q_2} \circ \gamma_Q(q)$. Since $\pi_{Q_1} \circ \gamma'_Q = \pi_{Q_1} \circ \gamma_Q$ and $\pi_{Q_2} \circ \gamma'_Q = \pi_{Q_2} \circ \gamma_Q$ we conclude that 
$\gamma'_Q = \gamma_Q$. The equality $\gamma' = \gamma$ now follows from $\gamma'_L = 1_L = \gamma_L$. □ 

The mediator $T_A$ is rather special in that any string $r \in L^*$ is a run of $T_A$. This choice for $T_A$ was designed to 
guarantee that runs of $T_1 \parallel T_2$ are the intersection of the runs of $T_1$ and $T_2$. Note that a run of $T_1 \times_{T_A} T_2$ 
should be a pair $(r, s)$ where $r$ is a run of $T_1$ and $s$ is a run of $T_2$ that satisfy $r = t_{1AL}(r) = t_{2AL}(s) = s$. We 
can, therefore, identify these pairs with the runs $r = s \in L^*$ of $T_1$ and $T_2$. The next section will use very 
different choices for the mediating object since we are no longer interested in the intersection of behaviors but 
rather in feedback. 

5.2.2. Control systems. Control systems can be composed in many different ways. In this section we focus 
our attention on feedback interconnections. The first kind of interconnection describes the effect of applying 
a feedback control law $u = k(x, v)$ to a control system $F(x, u)$ resulting in the closed loop system described 
by $F(x, k(x, v))$. Note that as a special case we have control laws $u = k(x)$ resulting in closed loop systems 
$F(x, k(x))$ which are no longer affected by the input. 

Definition 5.4. Let $\Sigma_1 = (U_1, M_1, F_1)$ be a control system and let $k : M_1 \times U_2 \to U_1$ be a smooth feedback 
law. The feedback interconnection between $\Sigma_1$ and $k$ is the control system $\Sigma = (U, M, F)$ with $U = U_2$, 
$M = M_1$ and $F(x_1, u_2) = F_1(x_1, k(x_1, u_2))$ for every $x_1 \in M_1$ and $u_2 \in U_2$. 

The second kind of interconnection models the effect of dynamic feedback. 

Definition 5.5. Let $\Sigma_1 = (U_1 \times V_1, M_1, F_1)$ and $\Sigma_2 = (U_2 \times V_2, M_2, F_2)$ be control systems. The feedback inter- 
connection between $\Sigma_1$ and $\Sigma_2$, with interconnection maps $\phi_1 : M_1 \to U_2$ and $\phi_2 : M_2 \to U_1$, is the control sys- 
tem $\Sigma = (U, M, F)$ with $U = V_1 \times V_2$, $M = M_1 \times M_2$ and $F(x, u) = (F_1(x_1, (\phi_2(x_2), v_1)), F_2(x_2, (\phi_1(x_1), v_2)))$ 
for every $x_1 \in M_1$, $x_2 \in M_2$, $v_1 \in V_1$ and $v_2 \in V_2$. 

Feedback interconnections can be seen as pullbacks by properly defining the mediating object $\Sigma_A$ and the 
morphisms $\Sigma_1 \xrightarrow{\sigma_{1A}} \Sigma_A$ and $\Sigma_2 \xrightarrow{\sigma_{2A}} \Sigma_A$ as shown in the next propositions. 

Proposition 5.6. Let $\Sigma_1 = (U_1, M_1, F_1)$ and $\Sigma_2 = (U_2, M_2, F_2)$ be two objects in Con where $M_2 = M_1$ and 
$F_2(x_2, u_2) = F_1(x_2, k(x_2, u_2))$ for a smooth feedback law $k : M_2 \times U_2 \to U_1$. The feedback interconnection of 
$\Sigma_1$ with $k$ is the pullback of $\Sigma_1 \xrightarrow{\sigma_{1A}} \Sigma_A$ and $\Sigma_2 \xrightarrow{\sigma_{2A}} \Sigma_A$ where $\Sigma_A = \Sigma_1$, $\sigma_{1AM}(x_1) = x_1$, $\sigma_{2AM}(x_2) = x_2$, 
$\sigma_{1AU}(x_1, u_1) = u_1$ and $\sigma_{2AU}(x_2, u_2) = k(x_2, u_2)$ for every $x_1 \in M_1$, $x_2 \in M_2$, $u_1 \in U_1$ and $u_2 \in U_2$. 

Proof sketch. The result follows by noting that the state space of $\Sigma_1 \times_{\Sigma_A} \Sigma_2$ is the set of pairs $(x_1, x_2) \in 
M_1 \times M_2$ satisfying $\sigma_{1AM}(x_1) = \sigma_{2AM}(x_2)$. Since $\sigma_{1AM} = 1_{M_1} = 1_{M_2} = \sigma_{2AM}$ we can identify $M$ with $M_1 = M_2$ 
through $(x, x) \mapsto x$. The input space is the set of pairs $(u_1, u_2) \in U_1 \times U_2$ satisfying $\sigma_{1AU}(x_1, u_1) = \sigma_{2AU}(x_2, u_2)$, 
or equivalently, $u_1 = k(x_2, u_2)$. We can thus identify the set of inputs with $U_2$ through $(k(x_2, u_2), u_2) \mapsto u_2$. 
Finally, $F$ will be given by the restriction of $(F_1(x_1, u_1), F_2(x_2, u_2))$ to $M \times U$ which can be identified with 
the points $((x, x), (k(x, u), u)) \in (M_1 \times M_2) \times (U_1 \times U_2)$ thus leading to $F(x, u) = F_1(x, k(x, u))$. □ 

Proposition 5.7. Let $\Sigma_1 = (U_1 \times V_1, M_1, F_1)$ and $\Sigma_2 = (U_2 \times V_2, M_2, F_2)$ be two objects in Con and consider 
the object $\Sigma_A = (U_A, M_A, F_A)$ with $U_A = U_1 \times U_2$, $M_A = \{*\}$ and $F_A(*, u_A) = 0$ for every $u_A \in U_A$. The 
feedback interconnection of $\Sigma_1$ and $\Sigma_2$, with interconnection maps $\phi_1 : M_1 \to U_2$ and $\phi_2 : M_2 \to U_1$, is the 
pullback of $\Sigma_1 \xrightarrow{\sigma_{1A}} \Sigma_A$ and $\Sigma_2 \xrightarrow{\sigma_{2A}} \Sigma_A$ where $\sigma_{1AM}(x_1) = *$, $\sigma_{2AM}(x_2) = *$, $\sigma_{1AU}(x_1, (u_1, v_1)) = (u_1, \phi_1(x_1))$ 
and $\sigma_{2AU}(x_2, (u_2, v_2)) = (\phi_2(x_2), u_2)$ for every $x_1 \in M_1$, $x_2 \in M_2$, $u_1 \in U_1$, $u_2 \in U_2$, $v_1 \in V_1$ and $v_2 \in V_2$. 

Proof sketch. Similar to the proof sketch of Proposition 5.6. □ 

Note that arbitrary pullbacks do not exist in Con since they do not exist in Man. However, the above defined 
pullbacks are guaranteed to exist. 
6. Existence and synthesis of controllers 

6.1. General theory. We now consider the control synthesis problem for bisimulation equivalence. We 
assume that we are given: 

(1) a morphism $P \xrightarrow{p_A} A$ describing the plant $P$ and the mediator $A$ to be used for control; 

(2) a morphism $S \xrightarrow{s_A} A$ describing the specification $S$ and how it relates to the mediator $A$. 

Based on this data we formulate the notion of controller as follows: 

Definition 6.1. Let $P \xrightarrow{p_A} A$, $S \xrightarrow{s_A} A$ and $C \xrightarrow{c_A} A$ be morphisms in a category S. The morphism 
$C \xrightarrow{c_A} A$ is a bisimulation controller for plant $P \xrightarrow{p_A} A$, enforcing specification $S \xrightarrow{s_A} A$, if there exists a 
commutative diagram: 

(6.1) [diagram omitted: $S \xleftarrow{\varepsilon} X \xrightarrow{\varphi} C \times_A P$ commuting over $A$] 

in which $\varepsilon$ and $\varphi$ are P-open morphisms. 

The diagram $S \xleftarrow{\varepsilon} X \xrightarrow{\varphi} C \times_A P$ of P-open morphisms in diagram (6.1) requires the closed loop system 
$C \times_A P$ to be bisimilar to $S$. Moreover, commutativity of (6.1) imposes the additional requirement that any 
two states related through the relation defined by the diagram $S \xleftarrow{\varepsilon} X \xrightarrow{\varphi} C \times_A P$ are indistinguishable by 
the mediator. This is a natural requirement since both the specification $S$ and the controlled system $C \times_A P$ 
should behave in the same way when composed with other systems through the mediator $A$. 

We now introduce what can be seen as an observability property. 

Definition 6.2. Let $X \xrightarrow{f} Y$ be a morphism in S. We say that $f$ is a P-faithful morphism if given the 
following commutative diagram: 

[diagram omitted] 

where $C$ and $D$ are objects in P, existence of diagonal morphisms $D \xrightarrow{r} X$ and $D \xrightarrow{s} X$ making the 
following two diagrams commutative: 

[diagrams omitted] 

implies $r = s$. 

We postpone until Section 6.2 a discussion of P-faithfulness in the concrete context of transition systems and 
control systems. The main contribution of this paper can now be stated as follows. 
Theorem 6.3. Let $P \xrightarrow{p_A} A$ and $S \xrightarrow{s_A} A$ be morphisms in a category S with binary pullbacks and assume 
that $P \xrightarrow{p_A} A$ is P-faithful. There exists a bisimulation controller $C \xrightarrow{c_A} A$ for plant $P \xrightarrow{p_A} A$ enforcing 
specification $S \xrightarrow{s_A} A$ iff there is a commuting diagram 

(6.2) [diagram omitted: $S \xleftarrow{\gamma} Z \xrightarrow{\delta} P$ commuting over $A$] 

with $\gamma$ a P-open morphism. Furthermore, when a bisimulation controller $C \xrightarrow{c_A} A$ exists, we can take $C = S$ 
and $c_A = s_A$. 

Proof. Assume that a bisimulation controller $C$ exists. Then, we have a commuting diagram: 

(6.3) [diagram omitted] 

where $\varepsilon$ and $\varphi$ are P-open. Taking $Z = X$, $\gamma = \varepsilon$ and $\delta = p \circ \varphi$, where $p$ is the morphism $C \times_A P \xrightarrow{p} P$, 
we have a commuting diagram as in (6.2). Clearly, $\gamma$ is P-open. 

Assume now that diagram (6.2) exists and let us prove that $C = S$ and $c_A = s_A$ is the desired controller. It 
follows from the definition of $S \times_A P$ the existence of a unique morphism $Z \xrightarrow{\mu} S \times_A P$ satisfying $s \circ \mu = \gamma$ 
and $p \circ \mu = \delta$. The remaining proof consists in showing that $\mu$ is P-open since in this case the result follows 
from the commuting diagram: 

(6.4) [diagram omitted] 

where $\gamma$ is P-open by assumption. Consider the following commutative diagrams: 

(6.5) [diagrams omitted: on the left the square $C \xrightarrow{c} Z$, $C \xrightarrow{e} D$, $D \xrightarrow{d} S \times_A P$, $Z \xrightarrow{\mu} S \times_A P$; on the right the same square composed with $S \times_A P \xrightarrow{s} S$] 

where $s$ is the morphism $S \times_A P \xrightarrow{s} S$. Since $s \circ \mu = \gamma$ and $\gamma$ is P-open, there exists a diagonal morphism 
$D \xrightarrow{r} Z$ for the right diagram in (6.5). We now show that $D \xrightarrow{r} Z$ is also the desired diagonal morphism 
for the left diagram in (6.5). We first note that equality $c = r \circ e$ is inherited from the right diagram so that 
we only need to show that $\mu \circ r = d$. The equality will be proved by noting that it follows from the fact that 
$S \times_A P$ is a pullback that any two morphisms $D \xrightarrow{\mu \circ r} S \times_A P$ and $D \xrightarrow{d} S \times_A P$ are necessarily the same 
when the following two conditions hold: 

(6.6) $s \circ \mu \circ r = s \circ d$ 

(6.7) $p \circ \mu \circ r = p \circ d$ 

Equality (6.6) follows from the right diagram in (6.5) and equality (6.7) follows from $p_A$ being uniquely P-open 
and the equality $p_A \circ p \circ \mu \circ r = p_A \circ p \circ d$. 

□ 

6.2. Examples. 

6.2.1. Transition systems. For the choice of S and P described in Section 4.2.1, P-faithfulness of a morphism 
$T \xrightarrow{t_A} T_A$ is implied by determinism of $T$. Recall that a transition system is deterministic when $p \xrightarrow{l} q_1$ 
and $p \xrightarrow{l} q_2$ imply $q_1 = q_2$. Determinism of $T$ guarantees that a run $r \in L^*$ uniquely determines the 
string $s \in Q^*$ satisfying $s_i \xrightarrow{r_i} s_{i+1}$ and thus implies P-faithfulness of $T \xrightarrow{t_A} T_A$. Recalling that a diagram 
$X \xleftarrow{\alpha} Z \xrightarrow{\beta} Y$ with $\alpha$ a P-open morphism can be seen as a simulation relation from $X$ to $Y$ we have the 
following corollary of Theorem 6.3: 

Corollary 6.4. Let $T_P$ and $T_S$ be transition systems and assume that $T_P$ is deterministic. There exists a 
transition system $T_C$ making $T_C \parallel T_P$ bisimilar to $T_S$ iff there exists a simulation relation from $T_S$ to $T_P$. 

Combining this corollary with existing results on the existence and computation of simulation relations [BP95, 
HHK95] we immediately conclude that the controller synthesis problem for deterministic plants can be solved 
in polynomial time thus recovering the results in [MT02]. In Section 7.1 we compare this result with existing 
results for other models of discrete-event systems. 

As a simple example consider the transition systems displayed in Figure 1. 

[Figure 1: panels $T_S$, $T_P$ and $T_S \parallel T_P$; figure not reproduced] 

Figure 1. From left to right we have the transition systems modeling the specification, plant 
and closed-loop system. The closed-loop system is represented without states that are not 
reachable from the initial state. 

It is not difficult to see that the relation $R = \{(p_0, q_0), (p_1, q_1), (p_2, q_1), (p_3, q_3)\}$ is a simulation relation from 
$T_S$ to $T_P$. According to Corollary 6.4 there exists a controller $T_C$ making $T_C \parallel T_P$ bisimilar to $T_S$. Moreover, 
we know from Theorem 6.3 that we can use $T_C = T_S$. Computing $T_S \parallel T_P$ we obtain the transition system 
on the right of Figure 1 which is equal to $T_S$ and, in particular, bisimilar. As this example illustrates, even 
though the plant is required to be deterministic, the specification can be nondeterministic. 
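The following Python program is an added example, not code from the paper: it implements transition systems (Definition 3.1), the greatest simulation and bisimulation relations of Definition 4.2 by fixpoint refinement, the parallel composition of Definition 5.2, and the synthesis recipe of Corollary 6.4 and Theorem 6.3 (take $T_C = T_S$ whenever $T_S$ is simulated by a deterministic $T_P$). Since Figure 1 is not reproduced, the plant and specification below are constructed for this example; nothing beyond the Python standard library is assumed.

```python
# Added example (not the paper's own code): transition systems as in Definitions 3.1,
# 4.2 and 5.2, and the synthesis recipe of Corollary 6.4 (T_C = T_S whenever a
# simulation relation from T_S to T_P exists). Sample systems are constructed here.
from itertools import product


class TS:
    """Transition system T = (Q, i, L, ->); the relation -> is a set of (p, l, q)."""

    def __init__(self, states, init, labels, trans):
        self.Q, self.i = frozenset(states), init
        self.L, self.trans = frozenset(labels), frozenset(trans)
        assert self.i in self.Q
        assert all(p in self.Q and l in self.L and q in self.Q for p, l, q in self.trans)

    def succ(self, p, l):
        """States q with p -l-> q."""
        return {q for s, m, q in self.trans if s == p and m == l}

    def is_deterministic(self):
        """p -l-> q1 and p -l-> q2 imply q1 = q2 (required of T_P in Corollary 6.4)."""
        return all(len(self.succ(p, l)) <= 1 for p in self.Q for l in self.L)

    def reachable_part(self):
        """Drop states not reachable from the initial state, as Figure 1 does."""
        seen, stack = {self.i}, [self.i]
        while stack:
            p = stack.pop()
            for s, _, q in self.trans:
                if s == p and q not in seen:
                    seen.add(q)
                    stack.append(q)
        return TS(seen, self.i, self.L, {t for t in self.trans if t[0] in seen})


def parallel(t1, t2):
    """Definition 5.2: T1 || T2 synchronises on every label (label sets must agree)."""
    assert t1.L == t2.L
    trans = {((p1, p2), l, (q1, q2))
             for p1, l, q1 in t1.trans for p2, m, q2 in t2.trans if l == m}
    return TS(product(t1.Q, t2.Q), (t1.i, t2.i), t1.L, trans)


def _greatest_relation(t1, t2, both_directions):
    """Largest R in Q1 x Q2 closed under condition (1) of Definition 4.2 (and under
    condition (2) when both_directions is set): pairs violating a condition are
    discarded until none is left. Every (bi)simulation relation is contained in the
    result, so one exists iff the pair of initial states survives."""
    R = set(product(t1.Q, t2.Q))
    changed = True
    while changed:
        changed = False
        for p1, p2 in list(R):
            fwd = all(any((q1, q2) in R for q2 in t2.succ(p2, l))
                      for s, l, q1 in t1.trans if s == p1)
            bwd = (not both_directions) or all(
                any((q1, q2) in R for q1 in t1.succ(p1, l))
                for s, l, q2 in t2.trans if s == p2)
            if not (fwd and bwd):
                R.discard((p1, p2))
                changed = True
    return R


def simulation_relation(t1, t2):
    """Greatest simulation relation from t1 to t2, or None if none contains (i1, i2)."""
    R = _greatest_relation(t1, t2, both_directions=False)
    return R if (t1.i, t2.i) in R else None


def bisimilar(t1, t2):
    """Definition 4.2: some bisimulation relation contains the initial states."""
    return (t1.i, t2.i) in _greatest_relation(t1, t2, both_directions=True)


def synthesize_controller(t_p, t_s):
    """Corollary 6.4: for deterministic T_P a controller exists iff T_S is simulated
    by T_P, and then T_C = T_S works (Theorem 6.3). Returns (T_C, T_C || T_P) or None."""
    assert t_p.is_deterministic(), "Corollary 6.4 requires a deterministic plant"
    if simulation_relation(t_s, t_p) is None:
        return None
    return t_s, parallel(t_s, t_p).reachable_part()


# Constructed sample: a deterministic plant and a nondeterministic specification
# (two a-transitions out of p0), both over the label set {a, b, c}.
T_P = TS({"q0", "q1", "q2"}, "q0", {"a", "b", "c"},
         {("q0", "a", "q1"), ("q1", "b", "q2"), ("q1", "c", "q0")})
T_S = TS({"p0", "p1", "p2", "p3"}, "p0", {"a", "b", "c"},
         {("p0", "a", "p1"), ("p0", "a", "p2"), ("p1", "b", "p3"), ("p2", "c", "p0")})


def demo():
    """The plant alone is not bisimilar to the specification, but the closed loop
    T_S || T_P is; the relation returned is the one Corollary 6.4 asks for."""
    _, closed_loop = synthesize_controller(T_P, T_S)
    return {
        "plant_deterministic": T_P.is_deterministic(),
        "spec_deterministic": T_S.is_deterministic(),
        "plant_bisimilar_to_spec": bisimilar(T_P, T_S),
        "closed_loop_bisimilar_to_spec": bisimilar(closed_loop, T_S),
        "closed_loop_states": len(closed_loop.Q),
        "simulation_relation": simulation_relation(T_S, T_P),
    }
```

Running `demo()` reports that the plant is deterministic and the specification is not, that the plant alone is not bisimilar to the specification, and that the reachable part of $T_S \parallel T_P$ (four states) is.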
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6.2.2. Control systems. In the context of control systems there are several conditions ensuring P-faithfulness 
of a morphism Ei ► S^. We shall only mention the following two that will be used when discussing 
feedback interconnections: 

(1) the map aia = {criaM, f^iau) ■ Mi x Ui ^ Ma x Ua is injective; 

(2) the system Sp is observable with respect to the map aiaii : M x U Ua- 

Both of these assumptions guarantee that we can uniquely recover the (state) trajectory and input curve 
defined by a morphism S — ^^-^ Ei with S in P from S — Si — ^ E^. In particular, the feedback 



interconnection presented in Definition 15.41 always satisfies the first assumption. With these considerations in 
place we can state the following corollary to Theorem 16.31 

Corollary 6.5. Let $\Sigma_P = (U_P, M_P, F_P)$ and $\Sigma_S$ be control systems. The following hold: 

(1) There exists a smooth feedback control law $k : M_P \times U_C \to U_P$ making the feedback composition between 
$\Sigma_P$ and $k$ bisimilar to $\Sigma_S$ iff there exists a morphism $\Sigma_S \to \Sigma_P$ such that $f_M$ is a diffeomorphism. 

(2) Assume that $\Sigma_P$ is observable with respect to $\sigma_{12U}$. There exists a control system $\Sigma_C$ making the 
feedback composition between $\Sigma_P$ and $\Sigma_C$, with interconnection maps $\phi_P$ and $\phi_S$, bisimilar to $\Sigma_S$ iff 
there exists a simulation relation $R$ from $\Sigma_S$ to $\Sigma_P$ satisfying: 

$(x_S, x_P) \in R \;\Longrightarrow\; \big(F_S(x_S, (\phi_P(x_P), v_S)),\, F_P(x_P, (\phi_S(x_S), v_P))\big) \in TR$ 



Corollary 6.5 is a straightforward instantiation of Theorem 6.3 which nevertheless completely characterizes the 
solution to the controller synthesis problem using the feedback interconnections in Definitions 5.4 and 5.5. 
These are novel results that had not been reported in the literature before. Moreover, when $F$ is control 
affine, P-openness of morphisms can be checked by using the differential geometric characterizations developed 
in [vdS04, TP04]. 

As a simple illustration of Corollary 6.5 consider the control system $\Sigma_P$ defined by: 

(6.8) $\dot{x} = u$ 

with $x, u \in \mathbb{R}$, and consider also the control system $\Sigma_S$: 

(6.9) $\dot{y}_1 = y_2$ 

(6.10) $\dot{y}_2 = v$ 

with $y_1, y_2, v \in \mathbb{R}$. Assume now that we want to construct a controller rendering control system $\Sigma_P$ bisimilar 
to $\Sigma_S$. We first construct the morphism $f = (f_M, f_U) : \mathbb{R}^2 \times \mathbb{R} \to \mathbb{R} \times \mathbb{R}$ from $\Sigma_S$ to $\Sigma_P$ by defining 
$f_M(y_1, y_2) = y_1$ and $f_U((y_1, y_2), v) = y_2$. The graph $R$ of $f_M$: 

$R = \{((y_1, y_2), x) \in \mathbb{R}^2 \times \mathbb{R} \mid y_1 = x\}$ 

is thus a simulation relation from the specification to the plant. This can be seen by constructing the diagram 
$\Sigma_S \leftarrow \Sigma_S \rightarrow \Sigma_P$ with the identity morphism on $\Sigma_S$, which is clearly P-open. The relation $TR$ is 
characterized by the equality $\dot{y}_1 = \dot{x}$ or, equivalently, by $y_2 = u$. We can thus define: 

$\phi_S(y) = y_2, \quad \phi_P(x) = *, \quad W_S = \{*\}, \quad V_S = \mathbb{R}, \quad W_P = \mathbb{R}, \quad V_P = \{*\}$ 

(writing $U_S = W_S \times V_S$ and $U_P = W_P \times V_P$ for the splitting of each input into the component fixed by the interconnection map and the free component) 
in order to conclude that for every $(y, x) \in R$ we have $(F_S(y, v), F_P(x, \phi_S(y))) \in TR$. It now follows from 
observability of the plant with respect to $\sigma_{12U}$ and from Corollary 6.5 that the desired controller exists. 
From Theorem 6.3 we know that we can use the specification as the controller, which in this case results in the 
closed-loop system: 

(6.11) $\dot{z}_1 = z_2$ 

(6.12) $\dot{z}_2 = w$ 

(6.13) $\dot{z}_3 = z_2$ 
in which we relabeled the states according to $y_1 \mapsto z_1$, $y_2 \mapsto z_2$, $x \mapsto z_3$ and the input according to $v \mapsto w$. 
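As an added check, not part of the original paper, the relation (6.14) can be verified to be a bisimulation directly from the vector fields, in the paper's own symbols. The only assumption is the notion of bisimulation for control systems that Corollary 6.5 relies on and that this page does not restate: for every related pair of states and every input of one system there is an input of the other such that the two tangent vectors lie in the lifted relation $TR'$, and conversely.

```latex
% Added verification (not from the paper) that (6.14) is a bisimulation
% between the closed loop (6.11)-(6.13) and the specification (6.9)-(6.10).
\begin{align*}
R'  &= \{((z_1,z_2,z_3),(y_1,y_2)) \in \mathbb{R}^3 \times \mathbb{R}^2 \mid z_3 = y_1 \wedge z_2 = y_2\},\\
TR' &= \{((z,\dot z),(y,\dot y)) \mid (z,y) \in R' \wedge \dot z_3 = \dot y_1 \wedge \dot z_2 = \dot y_2\}.
\end{align*}
% Take (z,y) in R'. With closed-loop input w and specification input v:
\begin{align*}
F_{CL}(z,w) &= (\dot z_1, \dot z_2, \dot z_3) = (z_2,\; w,\; z_2),\\
F_S(y,v)    &= (\dot y_1, \dot y_2) = (y_2,\; v).
\end{align*}
% Given w choose v = w; given v choose w = v. Then, using z_2 = y_2 from R',
\[
\dot z_3 = z_2 = y_2 = \dot y_1, \qquad \dot z_2 = w = v = \dot y_2,
\]
% so (F_{CL}(z,w), F_S(y,v)) in TR' in both directions: R' is a bisimulation.
% The same computation on the plant alone is the hypothesis of Corollary 6.5(2):
% for (y,x) in R, i.e. y_1 = x,
\[
F_S\big(y,(\phi_P(x),v)\big) = (y_2, v), \qquad F_P\big(x,(\phi_S(y),*)\big) = y_2,
\]
% and TR only requires \dot x = \dot y_1, which holds since both equal y_2,
% for every free input v of the specification.
```

Note that $z_1$ is unconstrained by $R'$: the controller's own copy of $y_1$ is not observed by the plant, so the relation only pins the plant state $z_3$ and the shared velocity $z_2$.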
The closed-loop system is easily shown to be bisimilar to the specification through the bisimulation relation: 

(6.14) $\{((z_1, z_2, z_3), (y_1, y_2)) \in \mathbb{R}^3 \times \mathbb{R}^2 \mid z_3 = y_1 \wedge z_2 = y_2\}$ 

7. Further examples and discussion 

7.1. Discrete-event systems. In the context of supervisory control of discrete-event systems [KG95, CL99] 
labels are usually divided into controllable and uncontrollable. Controllable labels model transitions that can 
be disabled by the controller while uncontrollable labels describe the influence of the environment which is 
beyond the influence of control. In this setting, Theorem 6.3 needs to be extended by adding one additional 
condition requiring the controller not to interfere with uncontrollable labels. Remarkably, this condition can 
still be expressed in the context of open maps by suitably defining control paths and environment paths as 
done in [Tab04]. However, in the presence of uncontrollable labels, bisimulation loses some of its relevance 
as it fails to distinguish between controllable and uncontrollable labels. One then has to resort to alternating 
bisimulation [AHKV98] and, as was shown in [Tab04], the framework used in this paper can still be used to 
prove a variant of Theorem 6.3 that suitably takes into account uncontrollable labels. We refer the interested 
reader to [Tab04] since summarizing those results here would require us to consider the more sophisticated 
notion of alternating bisimulation that goes beyond the scope of this paper. 

The results in Section 6.2 relied on the determinism assumption. When this assumption fails the controller 
synthesis problem is still solvable as shown in [ZKJ06]. In this more general setting the specification can no 
longer be used as a controller and this causes an exponential blow-up in time complexity. The exponential 
nature of the solution is a direct consequence of the absence of P-faithfulness since from the path in the 
mediating object one cannot uniquely determine the corresponding path in the plant. One is then forced to 
sift through all sets of possible paths in the plant corresponding to a path in the mediating object as done 
in [ZKJ06]. 

A different version of Problem 1.1, in which bisimulation equivalence is replaced by language equivalence, has 
been thoroughly investigated since the pioneering work of Ramadge and Wonham [RW87, RW89]. Since for 
deterministic transition systems language equivalence is equivalent to bisimulation equivalence, many of the 
existing results can also be obtained through a variant of Theorem 6.3 in [Tab04] which distinguishes between 
controllable and uncontrollable labels. 

7.2. Behavioral systems. In the behavioral setting [PW98] one considers a time set $T$, usually $\mathbb{R}$ or $\mathbb{N}$, and 
one describes a system $\mathcal{X}$ as a subset $\mathcal{X} \subseteq X^T$ for some set $X$. An element $x \in \mathcal{X}$ is a behavior for the 
variable $x$ and $\mathcal{X}$ is described by the collection of all possible behaviors that $x$ may assume. Requiring all 
the behaviors to be defined on the same time set $T$ is restrictive since examples of nonlinear systems abound 
for which trajectories are only defined for sufficiently small time. We will thus take a more liberal view of a 
behavioral system $\mathcal{X}$ by regarding it as a subset $\mathcal{X} \subseteq \coprod_{I \in \mathcal{I}} X^I$ where $\mathcal{I}$ is the set of all intervals of the form 
$]-a, b[$ with $a, b > 0$. 

A category of behavioral systems can be obtained by letting systems of the form $\mathcal{X}_1 \subseteq \coprod_{I \in \mathcal{I}} X_1^I$ and 
$\mathcal{X}_2 \subseteq \coprod_{I \in \mathcal{I}} X_2^I$ be objects and by defining morphisms $\mathcal{X}_1 \to \mathcal{X}_2$ as maps $f : X_1 \to X_2$ taking behaviors 
of $\mathcal{X}_1$ into behaviors of $\mathcal{X}_2$, that is, such that for every $x_1 \in \mathcal{X}_1$ we have $f \circ x_1 \in \mathcal{X}_2$. In the behavioral 
setting, the composition of $\mathcal{X}_1 \subseteq \coprod_{I \in \mathcal{I}} (X_1 \times Y)^I$ with $\mathcal{X}_2 \subseteq \coprod_{I \in \mathcal{I}} (X_2 \times Y)^I$ through the shared variable $y \in Y$ 
is defined by: 

A similar construction can be performed for the discrete time case. 
This composition can also be described by a pullback. To do so we consider the system $\mathcal{A} = \coprod_{I \in \mathcal{I}} Y^I$ and the 
morphisms $\mathcal{X}_1 \to \mathcal{A}$ and $\mathcal{X}_2 \to \mathcal{A}$ defined by $x_{1A}(x_1, y) = y$ and $x_{2A}(x_2, y) = y$. It is not difficult to see 
that the pullback of $\mathcal{X}_1 \to \mathcal{A}$ and $\mathcal{X}_2 \to \mathcal{A}$ is precisely $\mathcal{X}_1 \|_Y \mathcal{X}_2$. 

Since binary products exist we conclude that Theorem 6.3 is applicable in the behavioral context. Existence 
of a controller is then characterized by the existence of a simulation relation from the specification to the plant 
inducing a commutative diagram such as (6.2). 

7.3. Hybrid systems. The controller synthesis problem for hybrid systems can also be solved under the 
proposed framework. We shall only present a brief discussion since it would take too much space to formalize 
all the necessary concepts. The interested reader can find such a formalization in [HTP05], where it is shown how 
hybrid systems can be made into a category and how bisimulation for hybrid systems can also be described 
through the open maps formalism. Moreover, it is also shown in [HTP05] that the category of hybrid systems 
has binary pullbacks. As expected, Theorem 6.3 instantiated in this category implies that the controller 
synthesis problem is solvable when there exists a simulation relation from the specification to the plant. 

7.4. Other classes. In the literature one can find several models of systems that have not been explicitly 
considered in this paper, such as abstract state systems [PvdSB05], general systems in the behavioral set- 
ting [vdS05] and general flow systems [DT07], among many others. Provided that the corresponding categories 
have binary products, the results presented in this paper also bring considerable insight into these specific 
classes of systems. 

7.5. Discussion. The controller synthesis problem for bisimulation equivalence admits a very intuitive and 
simple solution that is valid across a wide range of systems: a controller exists iff the plant simulates the 
specification. The simplicity of this statement is a consequence of the categorical approach taken in this paper, 
which distilled the essence of the problem and led to a solution bringing considerable insight into the concrete 
classes of systems to which it was applied. The proposed solution also points to the need of developing 
computationally efficient methods to determine the existence of simulation relations between several classes of 
systems, including control and hybrid systems. 